Hardware, software and network troubleshooting database.
Pop-ups: These appear to attempt to get a user to click a link to something which looks good but is a link to malware. Most web browsers have a pop-up blocker activated so for a pop-up window to get past the blocker usually means it is a malicious popup.
Browser redirection: A user attempts to visit a website and gets redirected to a different site. This could be a sign of malware on the system. If multiple users have the same redirection problem, the problem is most likely a bad DNS server entry.
Security alert: An antimalware program can pop up with a warning that a website or file is potentially harmful.
Slow performance: This could be caused by malware but could also be caused by having too many resources in use. Check Task Manager and/or Performance Monitor to see which apps are using a lot of the CPU and/or memory. A hard drive near capacity will also cause slow system performance.
Internet connectivity issue: Besides this being a hardware, network card, or configuration issue, malware can change the proxy settings of one’s Internet browser, thus causing a connection to fail. This is especially true if one browser does not work but the rest of the browsers work.
PC/OS locks up: This could be caused by malware but more than likely this is caused by an overload in system resources, specifically CPU and RAM. This could be a hardware issue, often caused by overheating.
Application crash: If an application keeps crashing, check the Event Viewer application log for error messages and use those messages to research the problem. Also, try uninstalling and reinstalling the application.
Windows update: If a Windows update fails, check the update history to see what is causing the failure. It could be a break in Internet connectivity. It is unlikely to be malware-related, but that cause should not just be ruled out.
Rogue Antivirus: Malware which disables antivirus software. A system must be booted into Safe Mode in order to run the antivirus program. Or, one may need to temporarily obtain a different antimalware program and run it in order to enable the original antivirus software.
Spam: Email which is unsolicited or unwarranted. Most email providers have a solid junk email filter. A sender’s email address can be added to a junk email list. Clicking a link in a spam message can cause an infection known as a drive-by download (an unwarranted, unknown download).
Renamed System files: Malware can rename system files and/or extensions. Check the modification date on these files if you are suspicious. One may need to boot into the Windows Recovery Environment (WinRE) and run the SFC /scannow command to identify bad system files and replace them.
Files disappearing: Before assuming malware, check to make sure the files are not hidden. Many system files and folders with user settings are hidden by default. When in doubt, run an antimalware scan.
File permission changes: If boot files cannot be accessed, a boot record fix needs to take place. If other files cannot be accessed, run the antivirus/antimalware program to see if malware is present on the machine.
Responses from users regarding email: If an email account is hijacked, email will be sent to people in the account’s address book. If this happens, a user needs to change all online passwords (especially the email password) and get a copy of the originating IP address of the email message and report that address to the email provider.
Automated replies from unknown sent email: A sign that one’s email has been hacked is the email is receiving failed delivery notification messages from email addresses one does not recognize. The user should change all online passwords, find out the originating IP address of the email, and report that address to the email provider.
Access denied: Malware can be caught by the User Account Control (UAC) feature when trying to install itself. Or, a RunDLL access denied message can appear if malware is trying to install itself. A user should always be suspicious of these messages when the user did not purposely try to download a file or executable program.
Invalid certificate: This appears on a website when the certificate issued by the certification authority (CA) for that website has not been verified to be trustworthy and current. Unless one knows the site is trustworthy, the site should be avoided. Certificates originate from a root CA, the top-level certificate authority server on a network.
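For the two email items above (responses from users regarding email, and automated replies from unknown sent email), the following added example, which is not part of the original notes, shows one way to pull the originating IP address out of a message's Received headers before reporting it to the email provider. The sample message, the host names, the trusted-server list, and the Postfix-style "(name [ip])" header format are assumptions made for the illustration; other mail servers format this header differently.

```python
"""Find the sending client's IP in a message's Received headers (added example)."""
import ipaddress
import re
from email import message_from_string

# Constructed sample: .example hosts and documentation-range IP addresses.
# Received headers are prepended, so the newest hop is at the top.
SAMPLE_MESSAGE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
    by inbox.recipient.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:05 +0000
Received: from smtp.provider.example (smtp.provider.example [198.51.100.20])
    by mx.recipient.example with ESMTPS id B2; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [192.168.1.50] (unknown [203.0.113.77])
    by smtp.provider.example with ESMTPSA id C3; Mon, 01 Jan 2024 10:00:01 +0000
Received: from relay.unverified.example (relay.unverified.example [192.0.2.99])
    by mail.unverified.example with SMTP id D4; Mon, 01 Jan 2024 09:00:00 +0000
From: user@provider.example
To: friend@recipient.example
Subject: Constructed sample

Body text.
"""

# Assumption: servers whose Received lines we believe (recipient's and provider's).
TRUSTED = {"inbox.recipient.example", "mx.recipient.example", "smtp.provider.example"}

# Addresses that identify nothing outside the local network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Postfix-style client comment: "(reverse-dns-name [203.0.113.77])".
CLIENT_RE = re.compile(r"\(\S*\s*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def received_hops(raw_message):
    """Return hops newest-first as (recording_server, client_ip or None)."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        by = BY_RE.search(flat)
        client = CLIENT_RE.search(flat)
        ip = None
        if client:
            try:
                ip = ipaddress.ip_address(client.group(1))
            except ValueError:
                ip = None  # malformed address such as 999.1.1.1
        hops.append((by.group(1).rstrip(";").lower() if by else None, ip))
    return hops


def earliest_claimed_ip(raw_message):
    """Naive answer: the bottom-most Received line, which the sender can forge."""
    for _by_host, ip in reversed(received_hops(raw_message)):
        if ip is not None:
            return ip
    return None


def originating_ip(raw_message, trusted_servers):
    """Client IP recorded by the deepest hop in an unbroken chain of trusted servers."""
    trusted = {name.lower() for name in trusted_servers}
    deepest = None
    for by_host, ip in received_hops(raw_message):
        if by_host not in trusted:
            break  # lines from here down may have been written by the sender
        deepest = ip
    if deepest is None or is_internal(deepest):
        return None  # nothing reportable; the provider must check its own logs
    return deepest


if __name__ == "__main__":
    print("bottom-most (unverified):", earliest_claimed_ip(SAMPLE_MESSAGE))
    print("recorded by trusted chain:", originating_ip(SAMPLE_MESSAGE, TRUSTED))
```

The two results differ on the sample because the bottom Received line was not written by a trusted server, so only the address recorded by the provider's own server is worth reporting.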
Security Troubleshooting Tools
Antivirus software: If a virus is suspected, update the definitions of the antivirus software on the system and run this immediately. This may need to be run in Safe Mode. The tool will usually quarantine, repair, and/or remove infected files.
Antimalware software: Usually more robust than antivirus software. Quarantine the system and run this tool. Disable System Restore before running this tool and enable System Restore and create a restore point after cleaning the malware off of the system.
Recovery Console: Known as the Windows Recovery Environment (WinRE), under advanced boot options (through pressing F8 while booting or Shift+F8 while booting Windows 8/8.1). From here, you can run startup repair, Windows Memory Diagnostics, or a command prompt which will allow for running commands such as SFC or BOOTREC. This is not installed by default in Windows Vista.
Terminal: Used in Linux to fix security issues. The chmod command changes permissions on files and folders while the chown command changes ownership on files and folders. To examine partitions, run the sudo parted /dev/sda 'print' command. Use the sudo fsck /dev/sda# command to check a partition (where # is the partition number).
System restore/snapshot: Moves a system back to a restore point, which can uninstall software and/or undo system changes which cause instability in Windows. The System Image Recovery tool allows for replacing a possibly malware-infected system image with a saved system image. The System Image Recovery tool is called Windows Complete PC Restore in Windows Vista.
Pre-installation environment: Used when running antivirus/antimalware in Safe Mode does not completely rid the system of malware. Now, it is safe to suspect the boot sector or Master Boot Record contains malware. Boot into WinRE, access the command prompt, and run bootrec /fixmbr to fix the Master Boot Record.
Event Viewer: Has system, application, and security logs. These logs can reveal patterns of problems which technicians can then use to search for and implement fixes to systems.
Refresh/restore: Besides using System Restore, Windows 8.1 has a refresh feature which allows for refreshing of Windows system files without affecting one’s personal files. Installed apps from discs or websites will be removed.
MSCONFIG/safeboot: On the Boot tab of MSCONFIG, the following boot options can be configured:
Safe Boot Minimal: Boots into Safe Mode.
Safe Boot Alternate Shell: Boots into Safe Mode with Command Prompt.
Safe Boot Active Directory Repair: Boots into Directory Services Restore Mode (DSRM).
NO GUI Boot: Boots without a Windows screen.
Boot Log: Enables boot logging.
Base Video: Enables Low-Resolution Video.
OS Boot information: Displays driver names as they are being loaded.
System Performance Troubleshooting
Service fails to start: Check to make sure the service is enabled and set to start automatically. You may also need to check the dependencies of the service to make sure they are starting properly. Run services.msc to manage services.
Files fail to open: A file may have the wrong file association. For example, a PDF file may be associated to open in a web browser instead of Acrobat Reader. Or, a program used to open a file may have been uninstalled. Go to Control Panel > Default Programs.
Missing DLL message: A dynamic link library (DLL), a file with reusable code, is missing. If a system .dll file is missing, run the sfc /scannow command to attempt to fix this issue. If the error is application-specific, reinstall the app. If needed, run regsvr32 and the .dll name to re-register the .dll file.
Compatibility error: An app may be made for an older operating system. To fix a compatibility issue, either run the compatibility wizard in the Control Panel or set the app’s properties to run as if it were running in an older operating system.
Blue Screen of Death (BSoD): If Windows crashes, a blue screen appears with an error message. Upon reboot, look to the Event Viewer for guidance on the problem. Stop errors start with 0x and an error number can be used in an online search for research.
Spinning Pinwheel of Death (SPoD): The Mac equivalent of a BSoD. Disconnect any external hardware, restart the system, and see if the behavior repeats itself. If it does, perform all system updates available and run an antimalware scan.
Slow system performance: Besides a nearly full hard drive, an over-utilized CPU and/or RAM being utilized at a high percentage will slow down the system. If virtual memory is being used, that too will slow down the system. Use the Task Manager to see if there are any processes which need to be stopped.
Startup and Shutdown Problem
First, rule out any potential hardware problems.
Hold down F8 (Shift+F8 for Windows 8/8.1) when trying to restart and attempt to boot to the last known good configuration. If that works, consider running a system restore as a change may have adversely affected the system. One can also attempt to boot the computer into Safe Mode. If the computer will boot into Safe Mode but not normal mode, run an antimalware scan once the computer is in Safe Mode.
Another possible solution is to run the startup repair, found in the WinRE. You can try to repair the startup files automatically through WinRE, or, access a command prompt and run one of the following commands, depending upon the problem you are having:
sfc /scannow: Verifies and, if necessary, repairs system files.
bootrec /fixboot: Fixes the boot sector.
bootrec /fixmbr: Repairs the Master Boot Record.
Improper shutdown: If a system is not shut down properly, an error message is likely to appear when Windows reboots. If Windows does not reboot, follow the steps outlined earlier in this project to attempt to get Windows to boot properly.
Spontaneous shutdown/restart: Probable causes:
Virus: Run antivirus software and sfc /scannow to check system files.
Memory: Run Windows Memory Diagnostics.
Power Supply: Check voltages to make sure they are within 5% of the prescribed voltages. Often, the BIOS will show this information.
Overheating: Check to make sure all of the fans work well.
Boots to safe mode: If a hardware or software change is made, this can happen if, on the initial reboot, the system does not boot up completely. If this is a consistent problem, the two main causes are: The system is set to boot to Safe Mode through the Boot options area in MSCONFIG. Malware may have infected the system. Run the antivirus/antimalware program.
Missing NTLDR: This error relates to Windows XP. The computer may be trying to boot to a non-bootable disk. If not, boot to Windows RE with the Windows XP disc and run these two commands:
Copy d:\i386\ntldr c:\
Copy d:\i386\ntdetect.com c:\
Missing boot.ini: A possibility in Windows Vista and 7. More than likely, the boot configuration data (BCD) file needs to be rebuilt. From a Windows RE command prompt, run the following:
BCDEDIT /Export c:\backup_bcd (backs up current BCD file)
C:
CD Boot
ATTRIB bcd -s -h -r (removes system, hidden, and read-only attributes)
REN c:\boot\bcd bcd.old (renames current file)
BOOTREC /rebuildbcd (rebuilds bcd file)
Missing Operating System: The usual cause for this message is a missing boot sector or a bad Master Boot Record. From a command prompt in Windows RE, try running bootrec /fixmbr, especially if the error message indicates the bootmgr file is not found or missing.
Missing Graphical Interface: The operating system fails to load. Possible error messages include: Error loading operating system or Invalid Partition table. First, make sure the BIOS boot order is correct. If it is, boot into Windows RE, access the command prompt, and try running these commands:
bootrec /rebuildbcd – to rebuild the boot configuration data file.
bootrec /fixboot – to fix the boot sector.
bootrec /fixmbr – to fix the Master Boot Record.
Graphical Interface fails to load: Try the same fixes as indicated in the Missing Graphical Interface issue. Also, check the boot options in MSCONFIG to make sure the NO GUI Boot option is not selected.
Missing GRUB/LILO: The major boot file on some Linux systems is Grand Unified Bootloader (GRUB) while on other Linux systems the file is the Linux Loader (LILO). This error is most likely the result of installing Linux and then Windows on a system, rather than installing Windows and then Linux. The fixes are as follows:
For GRUB: mount the partition Linux is on and then reinstall GRUB. The command line is (or similar to):
sudo apt-get install --reinstall grub-efi-amd64
For LILO: Run the /sbin/lilo command to reinstall LILO.
Kernel panic (Mac): This is a problem on a Mac. The symptom is a dark gray screen with a message that the system must reboot. This is usually the result of a hardware issue. Detach all external hardware and reboot. Update any necessary drivers. Make sure hardware is seated properly.
In addition, one could plug in a device, or, the device may be plugged into the machine when the computer starts up and the device itself may not start. Examples of this include any USB device, such as an external hard drive which does not appear in Explorer or a webcam which fails to start up. Should a device fail to start, launch Device Manager and look for any yellow icons on hardware (indicating a driver problem) or any black arrow icons (indicating a device is disabled).
Software Troubleshooting Tools
BIOS/UEFI: The BIOS is used primarily to make sure boot disks are in the correct order and hardware such as RAM, disks, and other hardware devices have the proper settings. On newer systems, a Unified Extensible Firmware Interface (UEFI) is replacing the BIOS as UEFI can boot on drives of up to 2TB.
SFC: The System File Checker (SFC) checks system files for integrity and, if asked, attempts to repair those files. SFC is a command line tool with four common switches:
/scannow: Scans system files and attempts to repair them, if needed.
/verifyonly: Scans system files but does not attempt to repair them.
/scanfile: Scans a specified system file and attempts to repair it, if needed.
/verifyfile: Scans a specified system file but does not try to repair it.
Logs: If a system has trouble starting up, the boot log should be examined. It is found at C:\Windows\ntbtlog.txt. To see this from a command prompt, run the NOTEPAD C:\Windows\ntbtlog.txt command.
Recovery Console: Known as the Windows Recovery Environment (WinRE). Its sections include:
Startup Repair: Tries to repair startup problems automatically.
System Restore: Moves the system back to a system restore point.
System Image Recovery: Known as Windows Complete PC Restore in Windows Vista. This tool allows one to replace the current image with a saved system image.
Repair disks: In Windows Vista and 7, a System Repair Disc can be created. For Windows 8/8.1, a recovery drive is a bootable external drive which stores boot and system files. Both of these tools are used to attempt to repair a Windows installation.
Pre-installation environment: If a boot sector has been affected and a technician suspects malware, this area is a good place to run an antivirus check.
MSCONFIG: Used to troubleshoot boot settings, services, and startup settings (only in Windows Vista and Windows 7).
DEFRAG: Used to defragment a magnetic hard disk drive, thus increasing performance. This can be run through a GUI or the DEFRAG command in the command prompt. If DEFRAG is run through a command prompt, two common switches are:
/a: Analyzes the drive.
/c: Defragments the drive.
REGSVR32: Used to register and unregister Dynamic Link Library (DLL) files. This can become necessary when an uninstallation unregisters a DLL file belonging to another app.
REGEDIT: Used to fix system settings. REGEDIT accesses the Windows Registry, the database which stores Windows settings and many application settings.
Event Viewer: A log tracking feature which stores system logs, application logs, and security logs. Several types of events are stored, including information events, warnings, errors, critical events, and audit events.
Emergency repair disk: In Windows Vista and 7, the Backup and Restore applet in the Control Panel can create a system repair disc. In Windows 8, a USB drive can be used as a recovery drive.
Automated system recovery: In Windows Vista and 7, use the Backup and Restore applet in the Control Panel to create a system image. In Windows 8, create a recovery drive and then boot to that drive and use the automatic repair option in the Advanced Options area.
Uninstall/reinstall/repair: Usual fix for a corrupt application. This is normally done through the Programs and Features area of the Control Panel.
Aligning Multiple Monitors
When two monitors are used on a computer, the monitors may not always be the same size and/or resolution. This situation can also happen when a laptop connects to an external monitor as laptops often have smaller resolution restrictions when compared to regular monitors. This often causes a mouse to seem to stop as it moves from one screen to another, especially if the bottom edges of the two monitors are not aligned. In addition to an alignment issue, monitors can be backward in the sense that dragging a mouse off of the left edge of one monitor can make the mouse move to the right edge of the other monitor.
Though not as common as misalignment problems, screens can also be set to the incorrect orientation. Often, a Ctrl+Alt+ arrow combination is accidentally pressed. Ctrl+Alt+ an arrow will change the screen orientation depending upon which arrow is pressed. Pressing Ctrl+Alt+Up Arrow will restore the screen to its normal orientation.
Malware removal - A seven-step process
The key is to look for abnormal behavior on a machine. Malware on the machine does not need to be a first assumption when evaluating a potential security issue. When looking for a security issue, check machine settings, user permissions, and overall machine performance.
Identify the malware symptom: Observe the system for changes in system files. Use Task Manager to determine if any unfamiliar apps or processes are running. If an app was installed which was advertised as a virus removal tool but does not do so, it is a form of malware.
Quarantine infected system: As soon as a system is deemed to have malware, it should immediately be removed from the network so that it does not affect other systems. Also isolate all removable media from the system.
Disable System Restore: In Windows, System Restore creates restore points for system settings on a regular basis or after a major installation. If left enabled, a system could revert to a state in which the virus was present. Thus, System Restore should be disabled.
Remediate infected system: Make sure the antivirus/antimalware software has the current updates. This will best equip the software to remove malware. Then, run the antivirus/antimalware software and scan the system so malware can be identified and removed. If system files have been infected, the antimalware tool may need to be run in Safe Mode or the Windows Recovery Environment using an external USB drive.
Schedule scans and run updates: Make sure the antivirus/antimalware software is set to scan the system on a regular basis. The software should also be set to update its definition files on a regular basis.
Enable System Restore and create restore point: In Windows, once a system is cleaned from malware, a restore point should be created. Re-enable System Restore and create a restore point.
Educate end-user: If user actions caused the malware problem, educate the user on being careful about websites to visit and apps to download. Users should be taught to not obtain anything which seems suspicious.
Common Hardware Problems
First things first: always follow the warranty. Never try to fix a power supply. Take the best first step in troubleshooting hardware issues.
No power: If there is no light on the motherboard, the power supply is most likely the problem and needs to be replaced. If a light does appear on the motherboard, make sure the power is properly connected to the motherboard. If that is not the problem, it could be a bad CPU.
Blank screen on boot up: Try plugging in a different monitor. If that does not solve the problem, try a new video card. If there still is no screen, it may be the motherboard.
Continuous reboots: This usually happens before a system is completely booted up. See if any hardware has recently been added or software recently installed. Try booting into safe mode and then check Device Manager for any hardware abnormalities.
Hardware Troubleshooting Tools
Part of the challenge of troubleshooting hardware components in computers is isolating the hardware part that a technician thinks is causing the problem. Once a hardware component is isolated, one or more tools can be used to diagnose and/or verify a problem with a hardware component. There are four main tools technicians use to diagnose hardware problems with computer components.
Multimeter: Used to test voltage. As an example, a voltage wire on a power connector can be tested to see if it is giving the proper voltage.
Power supply tester: Used to check a power supply when it is not connected to a motherboard. Plug the power supply cables into the tester and turn on the tester.
Loopback plug: A plug used to test an interface (port) to make sure it is working. Specifically, this applies to network card interfaces and interfaces on network devices such as switches and routers.
POST card: A card which plugs into a PCI or PCIe slot and returns a code through an LED display. This runs as a machine is attempting to boot. Match the POST code with a list of codes from the motherboard’s manufacturer to identify a startup problem.
Common Hard Drive Problems
Failure to boot: Check to make sure the drive is properly connected to power and the motherboard. If the connections look good, the hard drive might be failing. Try putting the drive in another system to see if it is readable.
Drive not recognized: Check to make sure the cabling is correct and the SATA port the drive is plugged into is enabled.
Hard Drive Troubleshooting Tools
Often, hard drives cannot be repaired and need to be replaced, as in the case of a hard drive making a clicking noise indicating a failing platter. However, if the hard drive problem is merely performance-related, there is a set of software tools which can diagnose and fix the hard drive problem. Two hardware tools used to help troubleshoot hard drives are:
Screwdriver: A screwdriver is not used to open a hard drive. Most hard drives are mounted inside of desktops and thus a screwdriver is needed to unscrew and dismount the hard drive from the desktop computer. For laptop hard drives, a screwdriver is needed to remove the case protecting the hard drive.
External enclosure: A unit used to hold a hard drive so that it can be used as an external hard drive. External enclosures include power and SATA connectors for a drive and either a DC jack for power or its power is received through a USB connection to a computer.
There are several software tools which can be used to diagnose and solve hard drive problems. One of the tools is the bootrec command. Bootrec is a command run during a system recovery in Windows. When a computer boots, a user needs to hold down F8 (Shift+F8 in Windows 8) and then select Repair your Computer in Windows 7 or Troubleshoot in Windows 8 and then choose to display a command prompt.
Bootrec /fixmbr: Attempts to fix the master boot record. This is necessary when a virus corrupts the master boot record.
Bootrec /fixboot: Writes a new boot sector onto the system partition.
Bootrec /rebuildbcd: Rebuilds the boot configuration data file through scanning all disks to find bootable operating systems.
Bootrec /scanos: Scans for operating systems on a computer.
IP Addresses
APIPA – 169.254.x.x
If the IP address is 169.254.x.x, then there is a problem with the DHCP server. The Windows system has assigned itself a temporary IP address so that it can communicate with the internal machines.
Find out IP address
Run >ipconfig /? for help.
To see the detail of IP settings, run >ipconfig /all
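The APIPA check described above can be run against saved ipconfig /all output. This is an added example, not part of the original notes; the sample output is constructed, and the parser assumes the English-language field labels used by Windows Vista and later.

```python
"""Flag adapters that fell back to an APIPA address in `ipconfig /all` output."""
import ipaddress
import re

# Constructed sample output (adapter names, MAC and addresses are made up).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAB-PC01

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
"""

SECTION_RE = re.compile(r"^(\S.*adapter .+):\s*$")      # "Ethernet adapter Ethernet:"
FIELD_RE = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")    # "   Label . . . : value"
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_adapters(text):
    """Return {adapter name: [(label, value), ...]} in the order printed."""
    adapters = {}
    current = None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            current = adapters.setdefault(section.group(1), [])
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current.append((field.group(1), field.group(2).strip()))
    return adapters


def ipv4_addresses(fields):
    """Collect addresses from 'IPv4 Address' and 'Autoconfiguration IPv4 Address'."""
    found = []
    for label, value in fields:
        if "IPv4 Address" not in label:
            continue
        for text in IPV4_RE.findall(value):   # drops the "(Preferred)" suffix
            try:
                found.append(ipaddress.ip_address(text))
            except ValueError:
                pass                          # not a valid dotted quad
    return found


def dhcp_status(text):
    """Map adapter name -> (status, addresses).

    status is 'disconnected', 'apipa' (169.254.x.x, no DHCP lease),
    'ok', or 'no-ipv4'.
    """
    report = {}
    for name, fields in parse_adapters(text).items():
        media = dict(fields).get("Media State", "")
        addrs = ipv4_addresses(fields)
        if "disconnected" in media.lower():
            status = "disconnected"
        elif any(a.is_link_local for a in addrs):   # 169.254.0.0/16
            status = "apipa"
        elif addrs:
            status = "ok"
        else:
            status = "no-ipv4"
        report[name] = (status, [str(a) for a in addrs])
    return report


if __name__ == "__main__":
    for adapter, (status, addrs) in dhcp_status(SAMPLE_IPCONFIG).items():
        print(f"{adapter}: {status} {addrs}")
```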
Ping – troubleshooting connectivity
Ping to local NIC card first. Run >ping 127.0.0.1
Ping to access point. Run >ping 192.168.0.1
Ping to outside LAN. Run >ping www.learnkey.com
Tracert – troubleshooting connectivity
Used to see the number of hops from source to destination. The biggest use for tracert is to see where packets are being held up going from a host to a destination. Tracert is used in Windows. The equivalent command in other operating systems is traceroute.
Run >tracert www.learnkey.com
Pathping – troubleshooting connectivity
This command is kind of a combination of ping and tracert in that it first traces a path from source to destination and then takes several minutes to test packets going from source to destination. The resulting output is an analysis of success in packets reaching each hop from host to destination.
Run >pathping www.learnkey.com
Nbtstat – look for MAC address and NetBIOS name
NBTSTAT is a command prompt tool used to display a NetBIOS name and MAC address for a machine given a machine name or IP address. Run >nbtstat /? to find out more.
Troubleshooting Wireless Access Point
Know the causes of interference to the WAP
Wireless Channel Utilization: When wireless channel utilization reaches 50% or higher, performance starts to suffer. Some wireless access points have that information. Sometimes, the information needs to be obtained through a third-party tool.
Also, make sure channels are set to auto, 1, 6, or 11 and that all of the wireless devices connecting to the wireless access points are using the same channel.
Saturation: If too many devices are connected to the same wireless access point, device saturation will set in and no one will get good bandwidth. Look into getting at least one more wireless access point for the network. If too many people are getting video streams at once, bandwidth will become saturated. Possible fixes are to buy more bandwidth or use QoS to control bandwidth.
Wrong SSID: When a new wireless access point is installed for the purpose of adding a wireless access point, the installer does not always take the time to find out what the SSID is. The same holds true when switching ISPs. The fix here is just to change the SSID to what it needs to be.
Wireless Access Points and Security: Some wireless access points have their default configuration set to an open access point. In an open access point, no password is needed and no MAC filtering is enabled. You want to avoid having open access points on your network. There could also be a rogue access point. A rogue access point is added to a wireless network without authorization. It may not be a malicious access point, but, still, it is good to try to keep those off of a wireless network.
Troubleshooting Wireless Access Point
Know the type of router used; 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac.
WAP type changed: When a wireless access point is upgraded, the change will affect users' devices. Each WAP has its own standard settings.
Thin access point – router
Thick access point – server (LWAPP)
Testing Network Speed
To test the speed of the network, use www.speedtest.net
Troubleshooting Copper Cables
Mismatched Cable Standards: Sometimes, the cable may be perfectly functional but it may be the wrong cable for the job. If a computer is to connect to a console port, a rollover cable is needed. If a computer is connecting directly to a switch, a crossover cable is needed unless the switch port is an Auto MDI-X port in which case, a straight-through cable will work.
Crosstalk Types and Electromagnetic Interference (EMI): Crosstalk occurs when there is interference on wires for multiple transmissions. This is analogous to two people having a phone conversation and then starting to hear someone else’s conversation on their phone call. Specifically, there are two types of crosstalk:
Near-End Crosstalk (NEXT): Interference levels are measured at the same end as the interfering transmitter.
Far-End Crosstalk (FEXT): Interference levels are measured at the opposite end from the interfering transmitter.
EMI occurs when twisted-pair cable is placed near elevator shafts or fluorescent light. Running cable vertically through a riser or horizontally through a cable tray will help protect it from EMI.
Distance Limitations: 100 meters (328 feet) is the maximum distance for twisted-pair cable. Any longer than that and a repeater is needed to boost a signal.
Connector Problems: One of the most common problems with twisted-pair cable is that the flange of an RJ-45 connector breaks. The cable is very loose at that point. Cutting the cable and then putting a new connector on using a cable crimper solves the problem. Coaxial cable connectors can have problems as well as those connectors can get bent.
Split Pairs: If pairs are split, signal strength will be reduced. This usually means there is an open or short in the cable.
Tx/Rx Reverse: Otherwise known as Transmit/Receive reverse, this occurs when two pairs of pins in a twisted-pair cable are switched out from transmission point to receiving point. This is a fancy way of saying you have a crossover cable. Crossover cables will not work where straight-through cable is needed.
SFP/GBIC Transceivers: Gigabit Interface Converters (GBIC) and Small Form-Factor Pluggable (SFP) link a gigabit Ethernet port with a fiber network. One situation to look out for is that plugging a converter into an Ethernet port disables the port even if the device says the port is working.
Troubleshooting Fiber-Optic Cables
Connector Problem: Fiber-optic connectors can get dirty quickly. A dirty connector can cause performance issues. One way to avoid dirty connectors is to keep fiber-optic connectors plugged in as much as possible. Connectors need to be properly aligned when connecting fiber-optic cables as well.
Cable Mismatch: Some fiber-optic cables have a diameter size of 50 microns and some have a diameter size of 62.5 microns. Plugging a 50 micron cable into a 62.5 micron cable will cause a ricochet effect as light will bounce around the cable with the larger micron. A fiber type mismatch occurs when a single-mode cable is plugged into a multimode interface.
Chromatic Dispersion: If a signal has to travel longer than the maximum length of a fiber-optic cable, chromatic dispersion takes place, causing a signal loss. Chromatic dispersion occurs when the white light on the signal separates into different wavelengths, causing a rainbow. The loss of signal over distance in twisted-pair cable is known as attenuation.
Cable Limitations: Fiber-optic cable has bend radius limitations due to their glass conductors on the inside of the cable. This makes fiber-optic cable somewhat tricky to maneuver within a building. And, like twisted-pair cable, fiber-optic cable is subject to distance limitations.
Troubleshooting Switches
Switching Loops: Switching loops occur when a switch that just received a broadcast from a switch sends a broadcast back to the original switch. This is also known as a broadcast storm. Enabling Spanning Tree Protocol will help prevent this problem.
Incorrect VLAN Assignment: Sometimes an administrator will be in a hurry to get a port on a switch into a VLAN so a user who needs to be in that VLAN will be there. Hastily moving a port to another VLAN could make the person who originally was plugged into that switch not operable on the network. The best way to mitigate this is to keep good documentation on VLANs and the port numbers that belong to each VLAN. A request to move an interface to a different VLAN should go through a change control process.
Interface Misconfiguration: A port on a switch could be misconfigured. It may be on the wrong VLAN. A packet filter may be on the interface when it should have been assigned to the interface next to it. Again, documentation and change control is the key to minimizing mistakes.
Troubleshooting NICs
Network Interface Controllers (NICs) must be configured correctly in order for users to get the network connections they need.
Steps for Completion:
1. On a Windows computer, click Start.
2. Type: Network and Sharing Center.
3. When you see the Network and Sharing shortcut, click it.
4. Click Change Adapter Settings.
5. When you see the NIC that has a live connection, right-click on it and click Properties.
6. Click Configure.
7. Click the Advanced tab.
8. Scroll down the list of properties until you see Speed & Duplex.
9. Click Speed & Duplex. Your screen should look like the image on the right side of the page.
10. If the value is not set to Auto Negotiation, click the drop-down arrow and set the value to Auto Negotiation.
11. Click the OK button.
Troubleshooting Hardware
Server, router, switches and cables.
The place to start when troubleshooting hardware is connectivity. If a computer cannot connect to another computer on the network, it could be a switch failure. If the computer can access network resources but cannot go further, it could be a router failure. If the connectivity looks good but certain applications are inaccessible, it is most likely a server failure. Overall, the idea behind hardware troubleshooting is to find out what is working so you can eliminate it as a possible cause of what is not working.
Troubleshooting DHCP and DNS
If either one of these services seems to stop functioning, the service should be reset. The first step in trying to restore full functionality to DHCP, DNS, or any other service is to restart the service.
DHCP problem: First, make sure any DHCP scope set up does not contain any static IP addresses. Otherwise, a duplicate IP address situation could happen, affecting both machines with the same IP address on the network.
More importantly, there should only be one live DHCP scope per network segment. One of the most common ways in which DHCP ceases to work properly is that a wireless access point is added to the network with the default settings intact. Many wireless routers have DHCP turned on in their default configurations. If two DHCP servers are functional on the same network, machines will obtain IP addresses but very likely from the wrong source.
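The two DHCP checks above (no static addresses inside a scope, and only one live DHCP server per segment) can be automated against captured DHCP offers. The following is an added example, not part of the original page; the segment design, addresses, and log line format are constructed for illustration.

```python
import ipaddress

# Documented DHCP design per segment (constructed values, not from the page).
SEGMENTS = {
    "vlan10": {
        "authorized_server": "192.168.10.2",
        "scope": ("192.168.10.100", "192.168.10.200"),
        "static_hosts": {"192.168.10.150": "printer-2f"},
    },
}

# Constructed sample of DHCP messages seen on the wire; the layout is hypothetical.
SAMPLE_LOG = """\
2024-05-01T09:00:01 segment=vlan10 type=OFFER server=192.168.10.2 client=aa:bb:cc:00:00:01 offered=192.168.10.101
2024-05-01T09:00:07 segment=vlan10 type=OFFER server=192.168.10.254 client=aa:bb:cc:00:00:02 offered=192.168.1.23
2024-05-01T09:00:09 segment=vlan10 type=OFFER server=192.168.10.2 client=aa:bb:cc:00:00:03 offered=192.168.10.150
2024-05-01T09:00:12 segment=vlan10 type=ACK server=192.168.10.2 client=aa:bb:cc:00:00:01 offered=192.168.10.101
malformed line without fields
"""


def in_scope(addr, scope):
    """True if addr lies inside the inclusive (first, last) scope range."""
    first, last = (ipaddress.ip_address(a) for a in scope)
    return first <= ipaddress.ip_address(addr) <= last


def scope_overlaps(segments):
    """Static addresses that sit inside a dynamic scope (duplicate-IP risk)."""
    return sorted(
        (name, ip, host)
        for name, cfg in segments.items()
        for ip, host in cfg["static_hosts"].items()
        if in_scope(ip, cfg["scope"])
    )


def parse_line(line):
    """Return the key=value fields of one log line, or None if it is unusable."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"segment", "type", "server", "client", "offered"} <= fields.keys():
        return None
    try:
        ipaddress.ip_address(fields["server"])
        ipaddress.ip_address(fields["offered"])
    except ValueError:
        return None
    return fields


def audit_offers(log_text, segments):
    """Flag offers from unexpected servers and bad offers from the real one."""
    findings = []
    rogue = set()  # (segment, server) pairs, de-duplicated
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["type"] != "OFFER" or rec["segment"] not in segments:
            continue
        cfg = segments[rec["segment"]]
        if rec["server"] != cfg["authorized_server"]:
            # A second DHCP server is answering on this segment,
            # for example an access point left on default settings.
            rogue.add((rec["segment"], rec["server"]))
        elif rec["offered"] in cfg["static_hosts"]:
            findings.append(("static_address_offered", rec["segment"], rec["offered"]))
        elif not in_scope(rec["offered"], cfg["scope"]):
            findings.append(("offer_outside_scope", rec["segment"], rec["offered"]))
    for segment, server in sorted(rogue):
        findings.append(("unauthorized_dhcp_server", segment, server))
    return findings


if __name__ == "__main__":
    for item in scope_overlaps(SEGMENTS):
        print("scope overlap:", item)
    for item in audit_offers(SAMPLE_LOG, SEGMENTS):
        print("finding:", item)
```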
DNS problem: The first place to check is the list of DNS entries to see if anything was changed manually. An erroneous manual entry will cause a host to redirect to the incorrect IP address. If nothing looks out of the ordinary, check to see if the IP address of the server was changed. At this point, you are hoping the DNS server did not get attacked.
Other Network Issues
NIC Teaming Configurations: NIC teaming is the act of taking two physical network cards (usually on a server) and teaming them to essentially double the throughput of the NIC connection. This only works if the teaming is set to Active. In an active-active setting, both NICs are operational, each with its own MAC address. If one NIC is operational and the other NIC is set as a standby NIC, the configuration is known as Active-Passive. Sometimes, NIC teaming is done for multicast group membership. In order to use multicast group membership, Internet Group Management Protocol (IGMP) must be enabled.
Neighboring Devices on Networks: When a wireless access point appears on a network without prior knowledge from the network administrator, it is either a rogue access point, which is an unauthorized addition of an access point to a network, or an evil twin, which is a wireless access point looking to collect personal information from whoever logs into it. One way to tell if a wireless access point is suspect is that it does not have the same authentication as the legitimate access point. End users in a network who connect to wireless networks need to be made aware of these possibilities.
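The authentication check described above can be run over a wireless survey export. The following is an added example, not part of the original page; the access point inventory, SSIDs, BSSIDs, and CSV layout are constructed for illustration.

```python
import csv
import io

# Authorized access points (constructed inventory): BSSID -> (SSID, authentication).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:33:44:10": ("CorpGuest", "WPA2-Personal"),
}

# Constructed survey results; the column layout is hypothetical.
SAMPLE_SURVEY = """\
ssid,bssid,auth,signal_dbm
CorpNet,00:11:22:33:44:01,WPA2-Enterprise,-48
CorpNet,00:11:22:33:44:02,WPA2-Enterprise,-61
CorpNet,DE:AD:BE:EF:00:01,Open,-40
CorpGuest,00:11:22:33:44:10,Open,-55
CoffeeShop,12:34:56:78:9A:BC,WPA2-Personal,-80
"""


def expected_auth_by_ssid(inventory):
    """Map each of our SSIDs to the authentication types we deploy for it."""
    expected = {}
    for ssid, auth in inventory.values():
        expected.setdefault(ssid, set()).add(auth)
    return expected


def classify(ssid, bssid, auth, inventory):
    """Return a verdict for one observed access point."""
    bssid = bssid.strip().lower()
    ssid, auth = ssid.strip(), auth.strip()
    if bssid in inventory:
        # Our own radio: anything that differs from the record needs a look.
        if inventory[bssid] == (ssid, auth):
            return "authorized"
        return "known_bssid_mismatch"
    expected = expected_auth_by_ssid(inventory)
    if ssid in expected:
        # Someone else's radio is advertising one of our network names.
        if auth not in expected[ssid]:
            return "evil_twin_suspect_auth_mismatch"
        return "evil_twin_suspect"
    # Not our SSID and not our hardware. A survey alone cannot tell whether
    # it is plugged into the wired network, so it is only noted here.
    return "unknown_neighbor"


def review_survey(csv_text, inventory):
    """Classify every row of a survey export; returns {bssid: verdict}."""
    verdicts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row.get("bssid") or row.get("ssid") is None or row.get("auth") is None:
            continue  # skip incomplete rows
        key = row["bssid"].strip().lower()
        verdicts[key] = classify(row["ssid"], row["bssid"], row["auth"], inventory)
    return verdicts


if __name__ == "__main__":
    for bssid, verdict in review_survey(SAMPLE_SURVEY, AUTHORIZED_APS).items():
        print(bssid, verdict)
```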
Troubleshooting Security
Port Security: Ports that do not need to be open should be closed using a firewall.
Resource Permissions: The easiest way to control permissions is to adjust the access control list for the resource in question. Remember to use the principle of implicit deny.
Malware Types and Preventions:
Virus: Needs a carrier to propagate and it can replicate itself.
Trojan Horse: Does not need a carrier and does not replicate itself.
Worm: Does not need a carrier and can replicate itself.
The best defense against malware is user awareness and training and a strong antimalware program with definitions that update on a regular basis.
Denial of Service Preventions: If possible, block incoming ICMP requests. This can prevent ping-related attacks, including a ping of death attack. A ping of death attack is an attack using oversized ICMP packets.
Unreachable Default Gateway: If a default gateway is not reachable, one will not be able to get outside of the local network. The best way to avoid this situation is to have a redundant default gateway.
Vulnerabilities and Patches: When doing updates on network resources, vulnerability patches should take top priority. Phase out end-of-life systems as soon as it is feasible to do so.
Malicious Users: Trusted malicious users are malicious users who have access to network resources. Untrusted malicious users are those who do not have access to network resources. The tool of choice for malicious users to explore a network is a packet sniffer.
Authentication Issues: If TACACS+ or RADIUS is misconfigured, remote users will not be able to access the network or, worse, users who should not access the network remotely might be able to do so.
Default Passwords and Back Door Attacks: Change default passwords on devices such as switches and routers as soon as possible. A back-door attack is an attack by an individual who bypasses standard security checks.
ARP Tables: An ARP table can be exposed, giving attackers a chance to get the table and see IP and MAC address combinations.
Banner Grabbing: In banner grabbing, a hacker gains access to a packet header, which then gives the hacker a MAC address. A hacker can then use the first six numbers to spoof a MAC address.
Domains vs. Local Workgroups: Once a machine is joined to a domain, a user no longer needs local administrator permissions on the machine, since administrative tasks now belong to the domain administrator.
Jamming: The act of purposely obstructing or interfering with a signal in order to prevent devices from communicating with access points.
Run commands in Windows are so handy! Anytime you want something, simply type in the command, and it takes only about two seconds to get it. Are there things you wish you had a Run Command for? We have recently published two Run Commands articles, and they were popular, so we have decided to compile a big list of Run Commands that you can use. This list has 148 of them.
Note that there are asterisks by some of the commands. All of the programs called up by these commands can be accessed from the Run box, the search box in your Start menu, or a command prompt. The ones with the asterisks can only be accessed by using the Run box; you can’t get the files with the search box or command prompt. Also, while most of the commands will work in Windows 8/8.1/10, some of them only run in Windows 7.
Task Name/Run Command
About Windows - winver
Add a Device - devicepairingwizard
Add Hardware Wizard - hdwwiz
Advanced User Accounts - netplwiz
Authorization Manager - azman
Backup and Restore - sdclt
Bluetooth File Transfer - fsquirt
Calculator - calc
Certificates - certmgr
Change Computer Performance Settings - systempropertiesperformance
Change Data Execution Prevention Settings - systempropertiesdataexecutionprevention
Change Printer Settings - printui
Character Map - charmap
ClearType Tuner - cttune
Color Management - colorcpl
Command Prompt - cmd
Component Services - comexp
Component Services - dcomcnfg
Computer Management - compmgmt
Computer Management - compmgmtlauncher
Connect to a Network Projector - netproj
Connect to a Projector - displayswitch
Control Panel - control
Create A Shared Folder Wizard - shrpubw
Create a System Repair Disc - recdisc
Credential Backup and Restore Wizard - credwiz
Data Execution Prevention - systempropertiesdataexecutionprevention
Default Location - locationnotifications
Device Manager - devmgmt
Device Pairing Wizard - devicepairingwizard
Diagnostics Troubleshooting Wizard - msdt
Digitizer Calibration Tool - tabcal
DirectX Diagnostic Tool - dxdiag
Disk Cleanup - cleanmgr
Disk Defragmenter - dfrgui
Disk Management - diskmgmt
Display - dpiscaling
Display Color Calibration - dccw
Display Switch - displayswitch
DPAPI Key Migration Wizard - dpapimig
Driver Verifier Manager - verifier
Ease of Access Center - utilman
Encrypting File System Wizard - rekeywiz
Event Viewer - eventvwr
Fax Cover Page Editor - fxscover
File Signature Verification - sigverif
Getting Started - gettingstarted
IExpress Wizard - iexpress
Import to Windows Contacts - wabmig*
iSCSI Initiator Configuration Tool - iscsicpl
iSCSI Initiator Properties - iscsicpl
Language Pack Installer - lpksetup
Local Group Policy Editor - gpedit
Local Security Policy - secpol
Local Users and Groups - lusrmgr
Location Activity - locationnotifications
Magnifier - magnify
Malicious Software Removal Tool - mrt
Manage Your File Encryption Certificates - rekeywiz
Math Input Panel - mip*
Microsoft Management Console - mmc
Microsoft Support Diagnostic Tool - msdt
NAP Client Configuration - napclcfg
Narrator - narrator
New Scan Wizard - wiaacmgr
Notepad - notepad
ODBC Data Source Administrator - odbcad32
ODBC Driver Configuration - odbcconf
On-Screen Keyboard - osk
Paint - mspaint
Performance Monitor - perfmon
Performance Options - systempropertiesperformance
Phone Dialer - dialer
Presentation Settings - presentationsettings
Print Management - printmanagement
Printer Migration - printbrmui
Printer User Interface - printui
Private Character Editor - eudcedit
Problem Steps Recorder - psr
Protected Content Migration - dpapimig
Registry Editor - regedit
Remote Access Phonebook - rasphone
Remote Desktop Connection - mstsc
Resource Monitor - resmon
Resultant Set of Policy - rsop
Securing the Windows Account Database - syskey
Services - services
Set Program Access and Computer Defaults - computerdefaults
Share Creation Wizard - shrpubw
Shared Folders - fsmgmt
Snipping Tool - snippingtool
Sound Recorder - soundrecorder
SQL Server Client Network Utility - cliconfg
Sticky Notes - stikynot
Stored User Names and Passwords - credwiz
Sync Center - mobsync
System Configuration - msconfig
System Information - msinfo32
System Properties (Advanced Tab) - systempropertiesadvanced
System Properties (Computer Name Tab) - systempropertiescomputername
System Properties (Hardware Tab) - systempropertieshardware
System Properties (Remote Tab) - systempropertiesremote
System Properties (System Protection Tab) - systempropertiesprotection
System Restore - rstrui
Tablet PC Input Panel - tabtip*
Task Manager - taskmgr
Task Scheduler - taskschd
Trusted Platform Module (TPM) Management - tpm
User Account Control Settings - useraccountcontrolsettings
Utility Manager - utilman
Version Reporter Applet - winver
Volume Mixer - sndvol
Windows Activation Client - slui
Windows Anytime Upgrade Results - windowsanytimeupgraderesults
Windows Contacts - wab*
Windows Disc Image Burning Tool - isoburn
Windows DVD Maker - dvdmaker*
Windows Easy Transfer - migwiz*
Windows Explorer - explorer
Windows Fax and Scan - wfs
Windows Features - optionalfeatures
Windows Firewall with Advanced Security - wf
Windows Help and Support - winhlp32
Windows Journal - journal*
Windows Media Player - wmplayer*
Windows Memory Diagnostic Scheduler - mdsched
Windows Mobility Center - mblctr
Windows Picture Acquisition Wizard - wiaacmgr
Windows PowerShell - powershell*
Windows PowerShell ISE - powershell_ise*
Windows Remote Assistance - msra
Windows Repair Disc - recdisc
Windows Script Host - wscript
Windows Update - wuapp
Windows Update Standalone Installer - wusa
WMI Management - wmimgmt
WMI Tester - wbemtest
WordPad - write
XPS Viewer - xpsrchvw
Access Screen Resolution page - desk.cpl
Access Mouse properties - main.cpl
Access Windows Action Center - wscui.cpl
Access Network Adapters - ncpa.cpl
Access Power Option - powercfg.cpl
Access the Programs and Features Window - appwiz.cpl
Access the System Properties - sysdm.cpl
Access the Windows Firewall - firewall.cpl
Common Printer Issues and troubleshooting steps
Blank Pages
The sealing tape or tab may not have been removed from your toner cartridge.
Solution: Remove the sealing tape or tab and re-install the cartridge.
Your toner cartridge could be empty.
Solution: Replace the toner cartridge.
Black Pages
Your toner cartridge could be installed improperly.
Solution: Reinstall the toner cartridge. If it still doesn't work, replace the cartridge.
Thin, dark, vertical black lines
Your toner cartridge could be empty or defective.
Solution: Check the cartridge and replace if necessary.
Skewed Image / Jamming
The paper may be loaded incorrectly.
Solution: Reload the paper, check the paper guides, and make sure your paper is loaded under the corner tabs in the paper tray.
Faulty registration / Jamming
Your paper could be too light or heavy.
Solution: Check the paper weight specifications for your printer, then load paper stock with the correct specifications.
The paper could be loaded incorrectly, or the paper guides could be out of alignment.
Solution: Reload the paper and check the paper guides.
The leading edge of the paper could be curled.
Solution: Reload paper that doesn't have curled edges.
The paper tray could be overloaded.
Solution: Reload the paper, leaving the tray 1/4" empty from the top.
Light or faded print
Your paper could be too light or heavy.
Solution: Check the paper weight specifications for your printer, then load paper stock with the correct specifications.
Your toner cartridge could be empty or low.
Solution: Replace the toner cartridge.
Printer could be in TONER SAVE mode.
Solution: Check your settings.
Horizontal lines or repetitive defect
The toner cartridge could be defective or not seated properly.
Solution: Reinstall the toner cartridge; if that doesn't work, install a new toner cartridge.
Background scatter
Your paper could be too light or heavy.
Solution: Check the paper weight specifications for your printer, then load paper stock with the correct specifications.
The paper could be wet.
Solution: Change the paper.
The inside of the printer could be dirty.
Solution: Arrange to have your printer cleaned.
Dirt on the back of the page
The inside of the printer could be dirty.
Solution: Arrange to have your printer cleaned.
Toner might have leaked from the toner cartridge.
Solution: Carefully replace the toner cartridge with a new one.
Thin vertical white lines or strips
The printer could be dirty.
Solution: Arrange to have your printer cleaned.
The toner cartridge may be nearly empty.
Solution: Replace the toner cartridge.
Compressed or garbled print
The print fonts on your document may be incompatible with the printer.
Solution: Change fonts or simplify your layout.
Possible network problem
Solution: If your printer is networked, contact your IT Dept.
Blank portions on page
The page layout may be too complex.
Solution: Simplify the layout, or set Page Protect to ON or AUTO.
You may be printing on legal size paper when the printer software specifies letter size.
Solution: Check the settings on your software driver.
Your cartridge may be low on toner.
Solution: Replace the toner cartridge.
The printer may not have enough memory.
Solution: Simplify the layout, or get a memory upgrade.
Operating System Issues
Dim Display: Check the brightness settings. If they are set to auto, consider manually setting the brightness. When a device goes into battery saver mode, the display is usually dimmed. On a laptop, the backlight could be failing or have failed.
Intermittent wireless: The usual cause is the device being too far from a wireless access point. Wireless access points should be placed in a central location in a room, high above the ground. Check also for interference from microwaves, large magnetic devices, and large water tanks.
No wireless connectivity: Make sure the wireless on/off key or airplane key has not been pressed. Make sure the wireless adapter is enabled. Try connecting another device to the wireless network to determine whether the problem is with the device itself or, as in the case where multiple devices fail to connect, the wireless access point.
No Bluetooth connectivity: Make sure Bluetooth is turned on. When a device goes into a battery saver mode, often Bluetooth will be turned off and will not turn back on after the device is charged. If Bluetooth is on, try re-pairing it with a Bluetooth device it was previously paired with.
Cannot broadcast to external monitor: Make sure any external displays are plugged in properly. Check the screen settings on the original device to make sure it recognizes the second display and that projection settings are set to use both monitors. Try another external display to see if the problem is with the display or the device.
Touch screen nonresponsive: First, restart the device. If the problem still exists, remove the covering on the screen (if there is one) and clean the screen. If the problem still exists, gently knock each corner of the screen. The last resort is to send the device to an authorized repair agent.
Apps not loading: If an app will not load, take the following steps to try to fix the app:
• Force stop the app.
• Clear the cache for the app.
• Clear the data for the app.
• Update the app.
• Uninstall and reinstall the app.
• Restart the device.
• Check for overall system updates.
Slow performance: Similar to desktop computers, mobile devices will slow down as apps are added and storage space is filled. Check storage availability to see if it is low. Check background processes to see if one or more is using a high amount of processor percentage. Delete any unneeded apps.
Unable to decrypt email: For many corporate email accounts, a certificate is needed in order to decrypt email. Check the email server to see if there is a certificate which needs to be imported into the device. If the device has full encryption, it may need to be decrypted.
Extremely short battery life: Make sure the device can hold a charge. To isolate the problem to a device or a charger, try a different charger. Check for cracks around the charging port as that can affect a device’s ability to charge. The following services, when enabled, will shorten battery life: Brightness (the higher it is, the shorter the battery life); Constant searching for signals; Streaming data; GPS – the more apps using location services, the faster the battery drains.
Overheating: Overheating can ruin a battery and also the device itself. Avoid subjecting a device to extreme temperature change. The following factors can prevent overheating:
• Avoid direct sunlight.
• Turn off unused apps.
• Avoid the automatic brightness setting.
• Disable unneeded network connections (like Bluetooth).
• Remove the case (on a phone) when it is not needed.
Frozen system: Try a soft reset. If the battery is removable, pull it out for 10-15 seconds and then put it back in. Recent updates can cause instability which can cause a frozen system. If an app is causing it, uninstall the app. The device itself may be defective.
No sound from speakers: Check to make sure volume is up and the speaker connector is plugged in all the way. Try a different pair of speakers or headphones to rule out the sound card. If these are Bluetooth speakers, follow the same guidelines for troubleshooting Bluetooth connectivity.
Inaccurate touchscreen response: Run a calibration app to attempt to fix the problem.
System lockout: This occurs when one cannot log in to a device. The most likely solution is a factory reset unless the device supports a lock-disabling mechanism remotely (like iCloud for iOS devices).
Mobile OS Application Troubleshooting Tools
Hard reset: This is a last resort in troubleshooting as this task will restore a device to its factory settings, thus erasing the device. This is usually done through a button combination, with one example for many devices being, with the power off, to hold down the power and volume buttons until the device’s logo appears, then release the buttons and re-press and hold the power button.
Soft reset: This involves turning off the device and turning it back on. No data is lost.
Close running apps: On an iOS device, double-tap the Home button and then swipe the app off of the screen. On an Android device, the usual process is to tap the square button and then swipe the app off of the device.
Reset to factory default: On an Android device, use Backup and Reset in the Settings area. On an iOS device, use the Reset option, located in the General area under Settings. Always back up the data on the device before doing a factory reset as a factory reset will wipe the data off of the device.
Adjust configurations/settings: To improve performance, consider making the following configuration adjustments:
Use battery save mode whenever possible.
Transmit data over Wi-Fi as much as possible.
Make calls over Wi-Fi when possible.
Avoid too high of a brightness setting for the display.
Limit the number of notifications received.
Uninstall/reinstall apps: If an app is running poorly, uninstall and reinstall it. Mobile apps are updated far more often than desktop apps.
Force stop: Under Settings, find the app which is causing an issue and force the app to stop. This is especially important to do for apps which cannot be uninstalled.
Mobile OS Application Security Issues
Signal drop/weak signal: Caused when the device is in a bad geographic area or there is interference inside of a building (like very thick walls). If this is an indoor problem, get and install a cellular repeater as this will boost cellular signals inside of a building.
Power drain: Check the battery settings on the device to see which apps and processes are using the highest battery percentage. Having Bluetooth and location services on all of the time will lower the battery life.
Slow data speeds: If the device is on a Wi-Fi network, it is sharing bandwidth with other devices on the network. The user may be in a remote area or a zone that doesn’t get a good connection. If a user goes over a data plan, the provider could throttle the speed down for the remainder of the billing period.
Unintended Wi-Fi connection: Make sure the device is not set to automatically connect to Wi-Fi networks as it moves from area to area. If a device can connect to a Wi-Fi network in this manner and without any form of authentication, the network is most likely an open network and thus is not secure.
Unintended Bluetooth pairing: Make sure the device is not set to automatically discover other Bluetooth devices. If one suspects a device has been paired without authorization, Bluetooth should be turned off immediately.
Leaked personal files/data: The following steps can be taken to avoid having personal data leak into unwanted sources:
• Make it harder to shoulder surf by holding the device at an angle to where one cannot easily look over a shoulder to see device activity.
• Avoid viewing confidential data while connected to public Wi-Fi networks.
• Use an antimalware program.
• Consider third-party encryption for sending data to and from the cloud.
• Change passwords frequently.
Data transmission over limit: If a mobile device has a cellular plan with a data limit during a billing cycle, the cellular provider will often throttle data for the remainder of the billing period and/or increase charges on the phone bill. To avoid this situation, one should use Wi-Fi as much as possible and only use the mobile device as a hotspot when necessary.
Unauthorized account access: On any suspicion of someone else accessing one’s account, the account password should be changed right away. Many apps (such as Gmail) will show where and when a login took place.
Unauthorized root access: When a device is rooted (known as jailbreaking in iOS), interfaces and apps which would not otherwise be allowed are allowed. The problem caused with rooting a device is that a user has unrestricted access to the entire file system. If a hacker accesses the device, the hacker will also have unrestricted file access to the device.
Unauthorized location tracking: Possible with some apps on devices and more possible if the device has been rooted. Location tracking should only be on when needed and can usually be controlled on an app-by-app basis.
Unauthorized camera/microphone activation: Some malicious apps will take over a device’s camera and/or microphone. If this is suspected, run an antimalware app to check for malware.
High resource utilization: Look at device settings to see what is running to cause the high resource utilization. If the app or process is not needed, turn it off, or, if necessary, do a force stop on the app or process.
To prevent problems caused by apps, always check an app to see what kind of access it will want on a device before installing the app. For example, many apps need access to a device’s microphone. If one does not feel comfortable with that scenario, the app should not be installed.
Mobile OS Application Security Tools
Anti malware: Use antimalware on a mobile device to scan both data and apps. Many antimalware apps will scan an app after it has been downloaded. This is especially important for apps obtained from untrusted sources, as is allowed on Android and Windows devices.
App scanner: This tool will scan a mobile device to see which apps have not been recently used and then will offer to uninstall those apps.
Factory reset: Make sure data is backed up before doing a factory reset as a factory reset will erase any data present on the device.
Uninstall/reinstall apps: Often, uninstalling an app and then reinstalling it will fix any bugs apps may have.
Wi-Fi analyzer: An app used to examine surrounding wireless networks. This will help a user locate a possible SSID for use to connect to a wireless network. Many of these apps will also show signal strength of surrounding wireless access points.
Force stop: This tool stops an app or process on a device. This is an effective way to stop an app or process utilizing a high amount of resources on the device.
Cell tower analyzer: A third-party app which scans for and locates cell towers near a location.
Backup/restore: Data should be backed up on a regular basis, especially given the possibility that a factory reset may be needed on a mobile device. The backup tools for each mobile operating system are as follows:
iOS: iCloud and iTunes (iTunes for desktop synchronization)
Android: Google Sync, which is used for synchronizing account data across multiple devices.
Windows: OneDrive
Common Mobile Device Symptoms
First thing first: always follow the warranty.
No power: If there is no light on the motherboard, the power supply is most likely the problem and needs to be replaced. If a light does appear on the motherboard, make sure the power is properly connected to the motherboard. If that is not the problem, it could be a bad CPU.
Removing Malware
Identify the symptoms.
Quarantine the infected system.
Disable system restore (On Windows).
Remediate the infected system.
Schedule automatic updates and scan.
Re-enable system restore.
Provide end-user awareness training.
Incident Response
Procedure that an investigator follows when examining a security incident.
Six basic steps involved:
Preparation – the organization has well-planned procedures in place.
Identification – recognize whether an event should be classified as an incident.
Containment – focused on isolating the incident.
Eradication – remove the threat or attack.
Recovery – data restoration, system repair, and re-enabling system.
Lessons Learned – no regrets in life. Just lessons learned.